[December-13-2025] Daily Cybersecurity Threat Report

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data.

1. Alleged leak of login credentials to Sripatum University

2. Alleged sale of French data

3. Alleged data breach of PureJewels

4. Alleged leak of login credentials from KidDiary School

5. Alleged sale of unauthorized admin access to Evolt Technology Co., Ltd.

6. Alleged leak of login credentials from AECMobile

7. Alleged leak of unauthorized access to Hartsfield-Jackson Atlanta International Airport

8. Alleged unauthorized access to DTCUltimate

9. Alleged data breach of Israel Car Rental Guide

  • Category: Data Breach
  • Content: The group claims to have leaked a dataset containing vehicle information from Israel, totaling over 1 million records. The exposed data reportedly includes license plate numbers, vehicle models and types, brand details, engine model, manufacturing year, safety ratings, pollution group classifications, and related vehicle attributes.
  • Date: 2025-12-13T20:07:48Z
  • Network: telegram
  • Published URL: https://t.me/topsecretdocumentsleaked/145
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/38469243-0038-480b-bd94-5af59ecd9af9.png
  • Threat Actors: JRINTEL FREE DATA V3
  • Victim Country: Israel
  • Victim Industry: Government & Public Sector
  • Victim Organization: israel car rental guide
  • Victim Site: israelcar.net

10. Alleged sale of multiple WordPress credentials

11. Alleged data breach of Burapha University

12. Alleged sale of Italian Citizens data

13. Alleged leak of login credentials from Departmental Personnel Information System, Ministry of Interior Thailand

14. Alleged data breach of Vivek Vidyalaya & Junior College

15. Vishnick McGovern Milizio LLP falls victim to Qilin Ransomware

16. Eastman Cooke & Associates falls victim to PLAY Ransomware

17. Viga Eatery & Catering falls victim to PLAY Ransomware

18. Alleged leak of unauthorized access to Student Care

19. Alleged leak of login credentials to Contributor Platform – KMUTT

20. Alleged leak of unauthorized access to Ramkhamhaeng University (e-Services portal)

21. Alleged data breach of D Prime

22. Alleged data breach of TradingBlock

23. Choate’s Air Conditioning, Heating, Plumbing and Electrical falls victim to PLAY Ransomware

24. Jabezco Industrial Group, Inc. falls victim to PLAY Ransomware

25. CINVESTAV falls victim to Qilin Ransomware

26. Alleged data breach of United Bank

27. Alleged leak of access to the login portal for the Budget Bureau

28. Shamrock Technologies falls victim to MEDUSA Ransomware

29. PT Sampoerna Agro Tbk falls victim to MEDUSA Ransomware

30. Thunder Bay Counselling falls victim to MEDUSA Ransomware

31. Alleged Data Breach of Northern College

32. Alleged data breach of State Aviation Service of Ukraine

  • Category: Data Breach
  • Content: The group claims to have leaked data from the State Aviation Administration of Ukraine, specifically documents related to the company ANTONOV. The compromised data reportedly includes aircraft loading and centering instructions, technical operation manuals, aircraft maintenance documentation, training programs, flight data recording system (FDR) parameter tables, maintenance and inspection reports, aircraft operator instructions, airworthiness management forms, parts and power plant catalogs, and technical journals related to aircraft onboard equipment.
  • Date: 2025-12-13T14:22:06Z
  • Network: telegram
  • Published URL: https://t.me/c/3076265882/59
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/0abe35b2-2cba-41a7-a818-e896dd8f3c0e.png https://d34iuop8pidsy8.cloudfront.net/55615c3f-93d4-4b5a-9cbd-385fbb47d5ea.png
  • Threat Actors: Dark Warios
  • Victim Country: Ukraine
  • Victim Industry: Government Administration
  • Victim Organization: state aviation service of ukraine
  • Victim Site: avia.gov.ua

33. Alleged sale of unauthorized access to HOTELCUBE WOW

34. 0xteam targets the website of The Change Portal

35. NOTRASEC TEAM targets the website of Villa Prespa

36. Alleged leak of Italy data

37. chinafans targets the website of VIP Container

38. Alleged data breach of DIF Baja California

39. Alleged data breach of Turing

40. Alleged sale of unauthorized access to Sweco

41. Alleged data leak of Allen Prep

42. LolForum targets the website of Trainer.crm

43. Alleged data breach of International Trade Promotion (DITP)

44. Alleged leak of login access to BEST Inc.

45. INDRAMAYU CHAOS SYSTEM targets the website of Holy Family College of Health Sciences

46. Alleged data sale of Taiwan Personal Information

47. Alleged data breach of APOIA.se

48. Cranford, Buckley, Schultze, Tomchin, Allen & Buie, P.A. falls victim to MintEye Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 350 GB of the organization’s data. NB: The organization had previously fallen victim to Qilin ransomware on December 7, 2025. NB: The authenticity of the claim is yet to be verified.
  • Date: 2025-12-13T12:36:29Z
  • Network: openweb
  • Published URL: http://85.121.48.68/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/7da7e50b-6e01-4ee8-ab28-f58d3bbc0f8a.jpg
  • Threat Actors: MintEye
  • Victim Country: USA
  • Victim Industry: Law Practice & Law Firms
  • Victim Organization: cranford, buckley, schultze, tomchin, allen & buie, p.a.
  • Victim Site: southcharlottelawfirm.com

49. Alleged leak of U.S. database with SSNs and bank information

50. KEYLOGISTICS CHILE falls victim to MintEye Ransomware

51. Alleged data breach of declaraciones.gob.mx

52. Inter-American Tropical Tuna Commission (IATTC) falls victim to MintEye Ransomware

53. Sponseller Group Inc falls victim to MintEye Ransomware

54. David M. Schwarz Architects, Inc., falls victim to MintEye Ransomware

  • Category: Ransomware
  • Content: The group claims to have obtained 1.9 TB of the organization’s data. NB: The organization had previously fallen victim to Qilin ransomware on December 7, 2025. NB: The authenticity of the claim is yet to be verified.
  • Date: 2025-12-13T11:47:45Z
  • Network: openweb
  • Published URL: http://85.121.48.68/
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/dfd9181d-a928-4b0e-9dc7-3aa0c8eb7bdf.png
  • Threat Actors: MintEye
  • Victim Country: USA
  • Victim Industry: Architecture & Planning
  • Victim Organization: david m. schwarz architects, inc.
  • Victim Site: dmsas.com

55. Temple Shalom falls victim to DragonForce Ransomware

56. Alleged sale of Phanesware ransomware tool

57. JavaneseTeam targets the website of Digital Lisbon

58. Alleged breach of Thai Ministry of Finance systems

  • Category: Data Breach
  • Content: The group claims to have compromised an electronic system associated with the Thai Ministry of Finance, operated by a third-party company managing digital documents, internal emails, employee data, and internal work processes. The actors allege attacks on more than five websites over approximately three days and claim to have obtained around 468 GB of data.
  • Date: 2025-12-13T11:22:06Z
  • Network: telegram
  • Published URL: https://t.me/kkg_z/513
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/76e75ad5-e315-4b31-88f4-669ff2c355e5.png
  • Threat Actors: KKG-Z
  • Victim Country: Thailand
  • Victim Industry: Government Administration
  • Victim Organization: Unknown
  • Victim Site: Unknown

59. Pharaoh’s Team Channel targets the website of CASABONA SILVER PALACE

60. LolForum targets the website of inkPOS

61. Cyb3r Drag0nz targets the website of World WebX

62. Alleged data breach of Deutsche Telekom AG

63. Watermark Beach Resort falls victim to Qilin Ransomware

64. Chema Ballester falls victim to Qilin Ransomware

65. Alleged data sale of Mondi Group

66. Alleged data leak of tridentcryptofund.com

67. Pharaoh’s Team Channel targets the website of parcelasriovenado

68. Alleged data breach of ASAP Services

69. Alleged data leak of Badan Kepegawaian Negara, Indonesia

70. Z-BL4CX-H4T claims to target multiple countries

71. Alleged leak of Turkish Ağrı University student exam data

72. Alleged data sale of DepEd, Division of Roxas City

73. Alleged data leak of mixed email list

74. Pharaoh’s Team Channel targets the website of matrimoniocaroycarlos.cl

75. Pharaoh’s Team Channel targets the website of Fantasy Escort

76. Alleged leak of Turkey’s health data

77. Pharaoh’s Team Channel targets the website of ECAIS

78. Pharaoh’s Team Channel targets the website of Sólo Maskotas

79. Pharaoh’s Team Channel targets the websites of Apardo

80. Pharaoh’s Team Channel targets the website of Cazafugas

81. Pharaoh’s Team Channel targets the website of tienminhtran.com

82. Pharaoh’s Team Channel targets the website of adbreakshop.com

83. Pharaoh’s Team Channel targets the website of tphoangmai

84. Alleged data leak of Hacienda Hermosillo

  • Category: Data Breach
  • Content: The threat actor claims to have leaked data from Hacienda Hermosillo, stating they accessed an interconnected system of four servers containing more than 350 GB of information. The actor alleges that only around 40 GB of data was exfiltrated due to the overall volume, but that the obtained files include sensitive materials such as source code, databases, and other internal information. NB: The authenticity of the claim is yet to be verified.
  • Date: 2025-12-13T06:09:29Z
  • Network: telegram
  • Published URL: https://t.me/c/3211040888/282
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/f5cc2077-0f03-4bd6-bcf6-4a8bf7f728bd.png
  • Threat Actors: Chronus leaks
  • Victim Country: Mexico
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

85. Pharaoh’s Team Channel targets the website of saidkarout.de

86. Pharaoh’s Team Channel targets the website of Krishna Consulting

87. Pharaoh’s Team Channel targets the website of likesub.us

88. Pharaoh’s Team Channel targets the website of hangcali.shop

89. Pharaoh’s Team Channel targets the website of Legal Questions

90. Pharaoh’s Team Channel targets the website of Melissa’s Management & Consulting

91. Pharaoh’s Team Channel targets the website of Vieclamday

92. Pharaoh’s Team Channel targets the website of MMoReal

93. Pharaoh’s Team Channel targets the website of ChuTro

94. Alleged data sale of USA leads

95. Alleged sale of admin access to wordpress shop

96. Alleged data breach of Government of the State of Sonora

97. Alleged leak of login credentials to Contributor – KMUTT

98. Alleged leak of unauthorized login access to sqli.ssk.in.th

99. Alleged sale of unauthorized login access to sqli.ssk.in.th

100. Alleged data leak of Israel vehicle data

  • Category: Data Breach
  • Content: The group claims to have leaked more than 1M records of Israeli vehicle data. The compromised data includes vehicle registration and technical details such as plate number, vehicle model, model type, brand, manufacturer and model codes (cd_mn, cd_model), nicknames (nickname, nickname2), vehicle condition, safety rating, pollution group, manufacturing year, and engine model.
  • Date: 2025-12-13T03:43:09Z
  • Network: telegram
  • Published URL: https://t.me/ZirconGroupPublic/643
  • Screenshots: https://d34iuop8pidsy8.cloudfront.net/c4700957-04fd-4bb9-aea2-e91b21ed89bd.png
  • Threat Actors: Zircon Group
  • Victim Country: Israel
  • Victim Industry: Unknown
  • Victim Organization: Unknown
  • Victim Site: Unknown

101. Pharaoh’s Team Channel targets the website of Boki Now

102. Alleged leak of UK citizens data

103. INDRAMAYU CHAOS SYSTEM targets the website of Desa Sumedang Sari BMT OKU Timur

104. Federal Bureau of Investigation (FBI) falls victim to Obscura Ransomware

105. Ace Forwarding Inc. falls victim to Obscura Ransomware

106. Alleged data breach of Yalidine Express Company

Conclusion

The incidents detailed in this report highlight a diverse and active landscape of cyber threats. Data breaches and initial access sales are prominent, affecting various sectors from Education (e.g., Sripatum University, KidDiary School) to Government (e.g., Ministry of Interior Thailand) and Luxury Goods (PureJewels). The attacks impact countries including Thailand, France, UK, USA, and Italy. The compromised data ranges from login credentials and administrative access to personal user details and vehicle records. Beyond data compromise, the report also reveals significant ransomware activity, with groups such as Qilin and PLAY targeting organizations in Legal Services and Construction. The nature of these incidents emphasizes the critical importance of robust cybersecurity measures, including strong access controls, data protection strategies, and proactive threat intelligence to defend against a wide array of sophisticated and opportunistic attacks.